package com.yiba.vpn.controller;


import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.JWSObject;
import com.nimbusds.jose.Payload;
import com.nimbusds.jose.crypto.MACSigner;
import com.nimbusds.jose.jwk.source.JWKSource;
import com.nimbusds.jose.jwk.source.RemoteJWKSet;
import com.nimbusds.jose.proc.JWSKeySelector;
import com.nimbusds.jose.proc.JWSVerificationKeySelector;
import com.nimbusds.jose.proc.SecurityContext;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.proc.ConfigurableJWTProcessor;
import com.nimbusds.jwt.proc.DefaultJWTProcessor;

import java.net.URL;
import java.security.SecureRandom;

public class Test {

    public static void main(String[] args) throws Exception {
//        create();
        valid();
    }

    public static void create() throws Exception {
        // Create an HMAC-protected JWS object with some payload
        JWSObject jwsObject = new JWSObject(new JWSHeader(JWSAlgorithm.HS256),
                new Payload("Hello, world!"));

// We need a 256-bit key for HS256 which must be pre-shared
        byte[] sharedKey = new byte[32];
        new SecureRandom().nextBytes(sharedKey);

// Apply the HMAC to the JWS object
        jwsObject.sign(new MACSigner(sharedKey));

// Output to URL-safe format
        String result = jwsObject.serialize();
        System.out.println("result=" + result);
    }

    public static void valid() throws Exception {
//        String accessToken ="eyJraWQiOiJFWk9hNVM1ODZHUEI0WUpSZ3lmZ2lpK2k4K29aUWFReUtOeVh0UHBzeWVFPSIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiIxOGM3OTU0ZC03ZWU2LTQ1ODYtYTRkNi01NWYxOGY4YzY0ZDQiLCJldmVudF9pZCI6IjBkYjhiN2E1LWU1NjAtMTFlNy1hZmIxLWYxZTk5MThkNjQwYyIsInRva2VuX3VzZSI6ImFjY2VzcyIsInNjb3BlIjoiYXdzLmNvZ25pdG8uc2lnbmluLnVzZXIuYWRtaW4iLCJpc3MiOiJodHRwczpcL1wvY29nbml0by1pZHAudXMtZWFzdC0xLmFtYXpvbmF3cy5jb21cL3VzLWVhc3QtMV9RQ3ZmVTBtZzEiLCJleHAiOjE1MTM3NjIyMzcsImlhdCI6MTUxMzc1ODYzNywianRpIjoiOTQxNTg3OGQtNzRhZS00NWY1LTk0NTQtZmFlY2E5N2IzYTBkIiwiY2xpZW50X2lkIjoiN2M2Y2toY2c0ZzgzdTgxNWM5cHYwb2pjOGYiLCJ1c2VybmFtZSI6ImFwcHRlc3QxMjN4In0.cCMxdTZLuh8-SIm9ZniTLss-WAPx67_Zniz52FmkmnJOlahZdTtt-o8ghw0wkNlvh0W01LCtrGU6-rwOsDPRholdSMhdwVulzA5DkWM9mcPlrNbt7tO0fCznOXioqHsfdaYISXdT6zf_BSpql8be9GAo09oqy0VfSpaMub4AKay3xbcqAXT94sw4MRpT9WF-fYimiJrjCVA4w9T5JUIyjLTU77EIVrmyoUr0Puf96QS0NV1CSs56TA8Orc8rmYsUcyLsGD-vhMvwdsYidhVPkuPcJGO8qdT-";
    //    String accessToken = "eyJraWQiOiJFWk9hNVM1ODZHUEI0WUpSZ3lmZ2lpK2k4K29aUWFReUtOeVh0UHBzeWVFPSIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiIxOGM3OTU0ZC03ZWU2LTQ1ODYtYTRkNi01NWYxOGY4YzY0ZDQiyyyLCJldmVudF9pZCI6ImRlMjY5MWQ0LWU1NjAtMTFlNy1hNzAxLTk5NTFjNjBmMmE5OCIsInRva2VuX3VzZSI6ImFjY2VzcyIsInNjb3BlIjoiYXdzLmNvZ25pdG8uc2lnbmluLnVzZXIuYWRtaW4iLCJpc3MiOiJodHRwczpcL1wvY29nbml0by1pZHAudXMtZWFzdC0xLmFtYXpvbmF3cy5jb21cL3VzLWVhc3QtMV9RQ3ZmVTBtZzEiLCJleHAiOjE1MTM3NjI1ODYsImlhdCI6MTUxMzc1ODk4NiwianRpIjoiMjUxNDNlN2ItNzcwNS00ZTk5LTk3MzctZGNjNzE1OGVmMGI5IiwiY2xpZW50X2lkIjoiN2M2Y2toY2c0ZzgzdTgxNWM5cHYwb2pjOGYiLCJ1c2VybmFtZSI6ImFwcHRlc3QxMjN4In0.VSGFVdOo_JbqfHfHqQXF8Kn0zEPjVmIOIOWfML8G9VSy3-hG-SLpspzRei-u0QZgB7sEnINL-FskdcWsfgkMlU7mk9qHJmJ79JgaGeCtKjRlRws40dWvkV4ty35tRYb19m22hLxi17uyU31oICIOLPYsFFwJ1Fnz_UJxSajR7tDNcCTPF39ehAnbgF5zHTZvMT6nlclMcGRudsr9Rf6GYvF7CQIYicpy5DhmRzVMsNgc1tKl2YCtD8DDATm2qil8Hk8xbAupN_jpo7xtmdv_urCaPMa5Jr7ODx0gSvX9UeMHvOWxJWirPlbIr9VbF5lYI9ZcGmzrhGXkMrZgT8z5DA";
     String accessToken = "eyJraWQiOiJFWk9hNVM1ODZHUEI0WUpSZ3lmZ2lpK2k4K29aUWFReUtOeVh0UHBzeWVFPSIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiIxOGM3OTU0ZC03ZWU2LTQ1ODYtYTRkNi01NWYxOGY4YzY0ZDQiLCJldmVudF9pZCI6IjYzYWRlZTk3LWY1MTktMTFlNy04MDFlLTQxODUwYTY0YjAyYyIsInRva2VuX3VzZSI6ImFjY2VzcyIsInNjb3BlIjoiYXdzLmNvZ25pdG8uc2lnbmluLnVzZXIuYWRtaW4iLCJpc3MiOiJodHRwczpcL1wvY29nbml0by1pZHAudXMtZWFzdC0xLmFtYXpvbmF3cy5jb21cL3VzLWVhc3QtMV9RQ3ZmVTBtZzEiLCJleHAiOjE1MTU0OTExMDUsImlhdCI6MTUxNTQ4NzUwNSwianRpIjoiZmQwNjg2ZDEtNzJiOC00ZjRmLTg2MTEtMDgwZjJkNmMwNmNmIiwiY2xpZW50X2lkIjoiN2M2Y2toY2c0ZzgzdTgxNWM5cHYwb2pjOGYiLCJ1c2VybmFtZSI6ImFwcHRlc3QxMjN4In0.HvA8mFDgvKRQOWwQ8AyxsQqIhsRZsdmazIhzsor4ZXp-et4_m7wkxsuLbIqrY-DqPccQQEmNmFC0ddjdisgSjw66kTX3mvNzoKF8c_---jbKtRG-5rrY-M9IDIUXzHU-bk93TXeFesMLZ-MtmhwmT2Tm7MSocfaZBYpD_Du27qefV1bZwU9SqJzVUq8-1wvrApiylCEAZ-77yTRmHLRsL3owirA4SrL2eLCic1yiWgMk4Ko-OE4jvvu2WC53Qq-W58-PLU3Tz3gWkF8T7ROsTKSNM8VemropnKJPPcfRwWVeUvdWkkX9DsEK2cNjXXyhI8uTqI_7mcT9pXUNYCEfjQ";
        ConfigurableJWTProcessor jwtProcessor = new DefaultJWTProcessor();
        JWKSource keySource = new RemoteJWKSet(new URL("https://cognito-idp.us-east-1.amazonaws.com/us-east-1_QCvfU0mg1/.well-known/jwks.json"));
        JWSAlgorithm expectedJWSAlg = JWSAlgorithm.RS256;
        JWSKeySelector keySelector = new JWSVerificationKeySelector(expectedJWSAlg, keySource);
        jwtProcessor.setJWSKeySelector(keySelector);
        SecurityContext ctx = null; // optional context parameter, not required here
        JWTClaimsSet claimsSet = jwtProcessor.process(accessToken, ctx);
        System.out.println(claimsSet.toJSONObject());
    }


    public static void valid2() throws Exception {

// The access token to validate, typically submitted with a HTTP header like
// Authorization: Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6InMxIn0.eyJzY3A...
        String accessToken =
                "eyJraWQiOiJFWk9hNVM1ODZHUEI0WUpSZ3lmZ2lpK2k4K29aUWFReUtOeVh0UHBzeWVFPSIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiIxOGM3OTU0ZC03ZWU2LTQ1ODYtYTRkNi01NWYxOGY4YzY0ZDQiLCJldmVudF9pZCI6Ijg1MGFkZjQ1LWY1MTUtMTFlNy1iY2FiLWU3MTA1NGZiZGE2ZSIsInRva2VuX3VzZSI6ImFjY2VzcyIsInNjb3BlIjoiYXdzLmNvZ25pdG8uc2lnbmluLnVzZXIuYWRtaW4iLCJpc3MiOiJodHRwczpcL1wvY29nbml0by1pZHAudXMtZWFzdC0xLmFtYXpvbmF3cy5jb21cL3VzLWVhc3QtMV9RQ3ZmVTBtZzEiLCJleHAiOjE1MTU0ODk0NDMsImlhdCI6MTUxNTQ4NTg0MywianRpIjoiYTRiY2RmOGQtYjZhOS00MjNjLTkzZWUtNzcwY2IyM2QxODVmIiwiY2xpZW50X2lkIjoiN2M2Y2toY2c0ZzgzdTgxNWM5cHYwb2pjOGYiLCJ1c2VybmFtZSI6ImFwcHRlc3QxMjN4In0.lsjFjNf4jOw5U4Qhg0U-RjzefyXDd0L8pkYubysYQIIJpo6O_Ua8l-n7wDPDq0oM1KeKBTf8Bh07Dozp2_u77SQGwd8UZx80ctaMgu5Ulmdir2qjJi6APvwgNEUPjuQvHo0bZdtIPwbGDeRa2hcPQZgk4CTrlaADygYLpFanq0c0nh49V6IX8jEcEU87_oQMq1xD-DfQ3LCWGft-9bmRP9wF0sKaiohdDq6TSi1rVKia8u60Hv7QYYacUDgp6WXB4SOUMdHxwlLagI84c2b3gDjIhsHPudegRYk_mfhyJaytnYCOmDPvei6IpXK2GT5PeMXPuM9QZEXhSCNJQYZjNQ";

// Set up a JWT processor to parse the tokens and then check their signature
// and validity time window (bounded by the "iat", "nbf" and "exp" claims)
        ConfigurableJWTProcessor jwtProcessor = new DefaultJWTProcessor();

// The public RSA keys to validate the signatures will be sourced from the
// OAuth 2.0 server's JWK set, published at a well-known URL. The RemoteJWKSet
// object caches the retrieved keys to speed up subsequent look-ups and can
// also gracefully handle key-rollover
        JWKSource keySource = new RemoteJWKSet(new URL("https://demo.c2id.com/c2id/jwks.json"));
//        JWKSource keySource = new RemoteJWKSet(new URL("http://localhost/mytest/test.json"));

// The expected JWS algorithm of the access tokens (agreed out-of-band)
        JWSAlgorithm expectedJWSAlg = JWSAlgorithm.RS256;

// Configure the JWT processor with a key selector to feed matching public
// RSA keys sourced from the JWK set URL
        JWSKeySelector keySelector = new JWSVerificationKeySelector(expectedJWSAlg, keySource);
        jwtProcessor.setJWSKeySelector(keySelector);

// Process the token
        SecurityContext ctx = null; // optional context parameter, not required here
        JWTClaimsSet claimsSet = jwtProcessor.process(accessToken, ctx);

// Print out the token claims set
        System.out.println(claimsSet.toJSONObject());
    }

}
